the patch does 3fold:
- fix the js not to do things which are unneccesary and some browsers seem to not understand properly (have a function pointer in place instead of simply declaring a function)
- put the login dialog hidden into the header if one is not logged in, and let the .js simply uncover it once the user clicks / calls the .js function (which had a typo, so the dialog text would allways be there...)
- so the login js doesn't load this login.html anymore - saves an http request.
the symptoms of your system is to send an HTTP 401 to do_template, which it definitely shouldn't.
if you use i.e. teh firebug or its chrome equivalent (F12...) you see that the pop brings you the regular logged in page as it should (in advance to the 401)
so... you need to find out why the 401 comes.
maybe its session missmatch or some citserver communication issue...
